
2124 matches found

Patchstack
added 2023/11/15 12:0 a.m., 12 views

WordPress Email Encoder Bundle Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS)

Software: Email Encoder Bundle
Type: Plugin
Vulnerable versions: = 2.1.8
Fixed in: 2.1.9
OWASP Top 10: A3: Injection
Classification: Cross Site Scripting (XSS)
CVE: CVE-2023-47821
Patch priority: Low
CVSS severity: Low (6.5)
Developer: Claim ownership
PSID: 19415fa8bf01
Credits: Ngô Thiên An ancorn from VNPT-VCI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00416
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2023/11/15 12:0 a.m., 2 views

Pimcore Security Vulnerability

Pimcore is an open-source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, e-commerce frameworks and product information management applications. A security vulnerability exists in Pimcore Adm...

CVSS 5.3 | AI score 6.3 | EPSS 0.00654
Exploits: 1 | References: 4

Positive Technologies
added 2023/11/15 12:0 a.m., 3 views

PT-2023-30526 · Pimcore · Pimcore Admin Classic Bundle

Name of the Vulnerable Software and Affected Versions: Pimcore Admin Classic Bundle versions prior to 1.2.1 Description: The issue allows an attacker to see the path to the webroot/file, which can be used in conjunction with other vulnerabilities, such as SQL Injection using the load file query, ...

CVSS 5.3 | AI score 5.6 | EPSS 0.00654
Exploits: 1 | References: 7

NVD
added 2023/10/31 4:15 p.m., 16 views

CVE-2023-46722

The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Use...

CVSS 6.1 | AI score 6.2 | EPSS 0.00496
Exploits: 0 | References: 3

Prion
added 2023/10/31 4:15 p.m., 16 views

Cross site scripting

The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Use...

CVSS 5.8 | AI score 6.1 | EPSS 0.00496
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2023/10/31 3:36 p.m., 16 views

CVE-2023-46722 Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews

The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Use...

CVSS 6.1 | AI score 6.7 | EPSS 0.00496
Exploits: 0 | References: 3

CVE
added 2023/10/31 3:36 p.m., 44 views

CVE-2023-46722

Pimcore Admin Classic Bundle contains a cross-site scripting (XSS) vulnerability in PDF previews prior to version 1.2.0. The issue stems from insufficient input validation in the PDF preview path (AssetController.php getPreviewDocumentAction), enabling an attacker to craft a malicious PDF that ca...

CVSS 6.1 | AI score 6.1 | EPSS 0.00496
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2023/10/31 12:0 a.m., 2 views

Pimcore Security Vulnerability

Pimcore is an open-source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, e-commerce frameworks and product information management applications. A security vulnerability exists in...

CVSS 6.1 | AI score 5.9 | EPSS 0.00496
Exploits: 0 | References: 4

NVD
added 2023/10/30 11:15 a.m., 22 views

CVE-2023-5844

Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0...

CVSS 7.2 | AI score 5.2 | EPSS 0.00553
Exploits: 1 | References: 2

Vulnrichment
added 2023/10/30 10:8 a.m., 15 views

CVE-2023-5844 Unverified Password Change in pimcore/admin-ui-classic-bundle

Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0...

CVSS 4.3 | AI score 6.8 | EPSS 0.00553
Exploits: 1 | References: 2

CVE
added 2023/10/30 10:8 a.m., 74 views

CVE-2023-5844

CVE-2023-5844 affects pimcore/admin-ui-classic-bundle prior to version 1.2.0. The root cause is an unverified password change, allowing an attacker to set an old password as the new one, violating password policy. Documented impact per OSV/GHSA entries indicates a password-policy bypass without e...

CVSS 7.2 | AI score 5.5 | EPSS 0.00553
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2023/10/30 10:8 a.m., 25 views

CVE-2023-5844 Unverified Password Change in pimcore/admin-ui-classic-bundle

Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0...

CVSS 4.3 | AI score 4.8 | EPSS 0.00553
Exploits: 1 | References: 4

CNNVD
added 2023/10/30 12:0 a.m., 15 views

Pimcore Security Vulnerability

Pimcore is an open-source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, an e-commerce framework and product information management applications. A security vulnerability exists in Pimcore...

CVSS 7.2 | AI score 6.7 | EPSS 0.00553
Exploits: 1 | References: 3

Circl
added 2023/10/28 6:42 a.m., 1 views

CVE-2023-40139

creationtimestamp | type | source
---|---|---
2023-10-28 06:42:35+00:00 | seen | https://t.me/cibsecurity/73080
2025-02-03 19:33:09+00:00 | seen | https://vulnerability.circl.lu/bundle/cf59c148-4047-4ccd-8ba0-26fb7197899c...

CVSS 5.5 | AI score 5.5 | EPSS 0.00089
Exploits: 0 | References: 2

Circl
added 2023/10/28 12:17 a.m., 3 views

CVE-2023-40135

creationtimestamp | type | source
---|---|---
2023-10-28 00:17:32+00:00 | seen | https://t.me/cibsecurity/73092
2025-02-03 19:33:09+00:00 | seen | https://vulnerability.circl.lu/bundle/cf59c148-4047-4ccd-8ba0-26fb7197899c...

CVSS 3.3 | AI score 4.1 | EPSS 0.00089
Exploits: 0 | References: 2

RedHat Linux
added 2023/10/10 9:19 p.m., 6 views

Moderate: Red Hat Bug Fix Advisory: Red Hat Ansible Automation Platform 2.4 Setup Bundle Release Update

An update is now available for Red Hat Ansible Automation Platform 2.4 Setup Bundle. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to...

CVSS 7.8 | AI score 7.1 | EPSS 0.00239
Exploits: 0 | References: 3

OSV
added 2023/09/28 11:51 a.m., 4 views

SUSE-SU-2023:3884-1 Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Security issues fixed: CVE-2023-20897: Do not fail on bad message pack message bsc1213441 CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base name. bsc1214797, bsc1193948...

CVSS 7.8 | AI score 6.2 | EPSS 0.01033
Exploits: 0 | References: 15

OSV
added 2023/09/28 11:47 a.m., 5 views

SUSE-SU-2023:3877-1 Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Security issues fixed: CVE-2023-20897: Do not fail on bad message pack message bsc1213441 CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base name. bsc1214797, bsc1193948...

CVSS 7.8 | AI score 6.2 | EPSS 0.01033
Exploits: 0 | References: 15

OSV
added 2023/09/28 11:46 a.m., 11 views

SUSE-SU-2023:3876-1 Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Security issues fixed: CVE-2023-20897: Do not fail on bad message pack message bsc1213441 CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base name. bsc1214797, bsc1193948...

CVSS 7.8 | AI score 6.2 | EPSS 0.01033
Exploits: 0 | References: 15

Veracode
added 2023/09/27 8:1 a.m., 18 views

Cross-site Scripting

pimcore/admin-ui-classic-bundle is vulnerable to Cross-site Scripting. The vulnerability is due to the sprintf function in functions.js, which does not perform any escaping or sanitization of the subst and str value itself. This can lead to Cross-Site Scripting vulnerabilities if the str is later...

CVSS 5.4 | AI score 6.3 | EPSS 0.00326
Exploits: 0 | References: 4 | Affected Software: 1